Resubmissions

10/05/2024, 16:14

240510-tpphashd95 5

10/05/2024, 15:48

240510-s8xscadd3w 5

Analysis

  • max time kernel
    947s
  • max time network
    457s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    10/05/2024, 16:14

General

  • Target

    streamerdata/streamer.exe

  • Size

    842KB

  • MD5

    040cd888e971f2872d6d5dafd52e6194

  • SHA1

    1aa1255ade0ff100ff4e5e727ceaa42fc1c1cb09

  • SHA256

    77c2372364b6dd56bc787fda46e6f4240aaa0353ead1e3071224d454038a545e

  • SHA512

    eb79b987809ac686d173be9644ce3f04004a0c36c741f07d50237b4e31776a958616fe73b4039234a536a8d837fbd7317fabe126b0b4255ce9d076df9cf4505f

  • SSDEEP

    12288:pCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBgawQUQZ:pCdxte/80jYLT3U1jfsWawQUQZ

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\streamerdata\streamer.exe
    "C:\Users\Admin\AppData\Local\Temp\streamerdata\streamer.exe"
    1⤵
    PID:2612
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2088
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2020
  • C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5012
    • C:\Windows\system32\where.exe
      where -R C:\ *streamer.exe*
      2⤵
      PID:2864
    • C:\Users\Admin\AppData\Local\Temp\streamerdata\streamer.exe
      C:\Users\Admin\AppData\Local\Temp\streamerdata\streamer.exe
      2⤵
      PID:2516
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004C8
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4652

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

    Filesize

    10KB

    MD5

    df46eb1fe5d54a0521d9965203a4a9da

    SHA1

    e977aae1bb82f3d57267ead3b91df3d82d6d50c6

    SHA256

    6076a9ea8f52f5ad109fbe29f955ee052f626b22ee45366bfa83f70706744b1d

    SHA512

    5bc5f8d247ba164f1af6f4ae902906568a4e9baf05c9782d999e537730d8cfe443daac6f44aa246f27e9678237a4b57a7e8411e3c4fbe88e943525cdb2ae239e